| Age | Commit message (Collapse) | Author |
|---|
|
in6_pcbbind() into in_pcbbind().
Ok jca@ mpi@
|
|
ok jca@
|
|
regression observed on avahi.
ok benno@
|
|
route entry in ART.
rt_plen() now represents the prefix length of a route entry and should
be used instead.
For now use a "struct sockaddr_in6" to represent the mask when needed,
this should be then replaced by the prefix length and RTA_NETMASK only
used for compatibility with userland.
ok claudio@
|
|
required.
ok bluhm@ mpi@.
|
|
pf_inp_...() lookup, link and unlink functions as an interface.
Locking can be added to them later. Remove the first linking at
the beginning of tcp_input() and udp_input() as it is not necessary.
It will be done later anyway. That code was a relict, from the
time before I had added the second linking.
Input from mikeb@ and sashan@; OK sashan@
|
|
collide with the statekey to inp unlinking.
OK sashan@ mpi@
|
|
ok sthen@
|
|
OK mpi@, bluhm@
|
|
OK mpi@
|
|
function to take an interface index.
discussed with mpi@; OK claudio@
|
|
ok claudio@
|
|
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie
|
|
While here add a missing ``rtableid'' check in in_selectsrc().
ok bluhm@
|
|
ok mpi@
|
|
SS_DNS tagged socket which has limited functionality (for example, you
cannot accept on them...) The libc resolver will switch to using these,
therefore pledge can identify a DNS transaction better.
ok tedu guenther kettenis beck and others
|
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
in in_pcbbind() and in6_pcbsetport()
ok claudio@, with input from David Hill
|
|
layer because the strings select the right options. Mechanical
conversion.
ok guenther
|
|
Ok mpi@
|
|
ok deraadt@ miod@
|
|
ok mpi@
|
|
From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@
|
|
The pathlist is a whitelist of dirs and files; anything else returns ENOENT.
Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which
permits explicit change operations against "struct stat" fields. Some
other TAME_ flags are refined slightly.
Not cranking libc now, since nothing commited in base uses this and the
timing is uncomfortable for others. Discussed with many; thanks for a
few bug fixes from semarie, doug, guenther.
ok guenther
|
|
into a common pattern. In the man page clarify the usage of the
returned route.
OK mpi@ mikeb@ jmc@
|
|
operating model". This is the kernel component; various changes should
proceed in-tree for a while before userland programs start using it.
ok miod, discussions and help from many
|
|
ok stsp mpi
|
|
ok mikeb
|
|
This code is largely unfinished and is not used for anything. The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.
No objections from reyk and hshoexer, with and OK markus.
|
|
Requested by reyk@, dlg@ and OK mpi@, henning@
|
|
way garbage in the pad bytes does not perturb the outcome.
This fixes regress/sys/kern/bind.
OK mpi@, phessler@, reyk@
|
|
before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be
cleaned up next. Some sockaddr_union steps make it into here as well.
ok naddy
|
|
Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.
Prevent a fault upon resume reported by frantisek holop, thanks!
ok mikeb@, claudio@
|
|
ok mikeb@, krw@, bluhm@, tedu@
|
|
to include that than rdnvar.h. ok deraadt dlg
|
|
attacks.
this is a textbook use of siphash.
the idea of using siphash for this came from yasuoka-san, but i had
the time to do it. he also tested and tweaked this diff.
ok yasuoka@ mikeb@
|
|
INADDR_BROADCAST the same as INADDR_ANY.
ok mpi
|
|
kill the macro.
ok mikeb@, henning@
|
|
rely on "struct route" that should die.
ok claudio@
|
|
|
|
when the number of the hash entries reaches 75% of the table size.
ok dlg henning, 'commit in' claudio
|
|
system.
Yes, this is ugly for the moment because OpenBSD prevents you from
binding a tcp socket to broadcast address and checking for a broadcast
address is... funny! If you've ever wondered why would lead people to
write:
ina.s_addr != ia->ia_addr.sin_addr.s_addr
instead of:
ina.s_addr == ia->ia_broadaddr.sin_addr.s_addr
Well this is because all the IPv4 addresses belonging to your lo(4)
interfaces match the second idiom. Hopefully we'll get rid of this
hack soon.
ok jca@, mikeb@
|
|
source address selection logic.
These hacks were only relevant for the NFS diskless boot code in order to
pick the local broadcast address of the only configured interface. So, be
explicit and set this address directly.
Tested by florian@, ok henning@, beck@, chrisz@
|
|
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz. This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@
|
|
IP_SENDSRCADDR support. This reduces the differences with the
IPv6 version and kill some comments that are no longer true.
ok jca@, chrisz@, mikeb@
|
|
localhost connections.
The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it. This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.
Tested a least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@
|
|
for later reuse in udp_output().
"Apart from that OK" claudio@
|
|
Make sure that in_pcbbind() is called from in_pcbconnect() by KASSERTing that
local port == 0 implies an unspecified local address.
OK claudio@
|
|
for localhost connections. discussed with deraadt@
|
|
use the routing table there's no future for an option that wants to
bypass it. This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.
Tested by florian@, man pages inputs from jmc@, ok benno@
|
